The Reality of Ransomware - Part 1 of 2

 

Did you know?

- Every 40 seconds a business gets hit with ransomware, up from every 2 minutes in 2016.
- 15% or more of businesses in the top 10 industry sectors have been attacked.
- 72% of infected businesses lost access to data for 2 days or more.
- 71% of companies targeted by ransomware attacks have been infected.
- 47% of businesses have been victims of ransomware.
- 67% of businesses hit with ransomware permanently lost part or all of their corporate data.
- 1 in 5 small to medium businesses paid the ransom and never got their data back.

Today, ransomware is one of the top 5 threats to the digital world for businesses and homeowners alike. Ransomware is a form of malware, or malicious software, that is a lot more complicated than traditional malware. It makes its way to your machine through phishing emails as well as malicious websites.

It can present itself in two ways:

1. Locker Ransomware. This form of ransomware encrypts the whole hard drive of the computer or server, potentially locking the user out of the entire system.
2. Crypto Ransomware. This will only encrypt specific, important files on the computer. Word, Excel, PDF, database, and image files are all commonly targeted and made inaccessible until the supposed ransom is paid.

When a network is infected, the infection can show itself in several ways. The first and most obvious sign is in the files you used to be able to access: a document that was once finance.doc (Word) will now be finance.supercrypt (ransomware). There are hundreds of ransomware variants, and the extension will vary depending on what the infection is. There is also a text file left on the desktop that tells you what to do and how much to pay in order to get your files back.
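One way to sweep a file share for the sign described above (many files renamed to one unfamiliar extension, with encrypted contents), as an added example that is not part of the original article. The extension allow-list, the 7.0 bits-per-byte entropy threshold and the minimum of 3 files are assumptions to tune per site.

```python
import math
import os
import sys
from collections import Counter

# Extensions considered normal here (assumed list; tune it for your site).
KNOWN_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
                    ".txt", ".csv", ".mdb", ".sql", ".zip"}
ENTROPY_THRESHOLD = 7.0  # bits per byte (assumed); encrypted data is near 8.0
SAMPLE_BYTES = 4096      # bytes read per file; very small files score lower


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def suspicious_extensions(root: str, min_files: int = 3) -> dict:
    """Map each unfamiliar extension to the high-entropy files carrying it.

    Only extensions shared by at least min_files such files are returned:
    many files renamed to one new extension is the sign described above.
    """
    hits = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if not ext or ext in KNOWN_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    sample = handle.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                hits.setdefault(ext, []).append(path)
    return {e: sorted(p) for e, p in hits.items() if len(p) >= min_files}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for ext, paths in suspicious_extensions(root).items():
        print(f"{len(paths)} high-entropy files end in {ext}, e.g. {paths[0]}")
```

Compressed or already-encrypted formats that are missing from the allow-list will also score high, so a hit is a prompt to look at the folder, not a verdict.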

As an IT technician who has observed and dealt with many cases of ransomware attacks, I cannot stress a couple of points enough:

1. Backups. Backups will be your lifeline in the case of a ransomware attack. If you have proper backups of your data, your network can be restored in anywhere from 24 to 48 hours with little to no data lost, if the infection is caught early enough.

   Be aware that the most efficient backup location is a NAS device or offsite device and not a USB one, as ransomware encrypts all drives and will attack your backup location as well if the computer recognizes it as a drive. A NAS (Network Attached Storage) exists as a separate machine on your network. Instead of the backups going to a USB location on your machine, the backups are pointed to an IP address, which most ransomware variants can't access. This is best practice in terms of reactive responses to ransomware attacks.

Next week we will talk about 2 more points that I would like to stress and go into more detail on the type of backups that should be occurring, as well as proactive countermeasures that you, families, and businesses can take to prevent a ransomware infection.

-Caleb Senechal, RawTec Service Manager